VYPR

Aix

by IBM

CVEs (402)

  • CVE-2005-3504Nov 5, 2005
    risk 0.00cvss epss 0.03

    Buffer overflow in swcons in IBM AIX 5.2, when debug malloc is enabled, allows remote attackers to cause a core dump and possibly execute arbitrary code.

  • CVE-2005-3396Nov 1, 2005
    risk 0.00cvss epss 0.03

    Buffer overflow in the chcons (chcon) command in IBM AIX 5.2 and 5.3, when DEBUG MALLOC is enabled, might allow attackers to execute arbitrary code via a long command line argument.

  • CVE-2005-3289Oct 23, 2005
    risk 0.00cvss epss 0.00

    LSCFG in IBM AIX 5.2 and 5.3 does not create temporary files securely, which allows local users to corrupt /etc/passwd and possibly other system files via the trace file.

  • CVE-2005-3060Sep 30, 2005
    risk 0.00cvss epss 0.01

    Buffer overflow in getconf in IBM AIX 5.2 to 5.3 allows local users to execute arbitrary code via unknown vectors.

  • CVE-2005-2237Jul 12, 2005
    risk 0.00cvss epss 0.00

    Format string vulnerability in the swcons command in IBM AIX 5.3, and possibly other versions, might allow local users to execute arbitrary code via long command line arguments.

  • CVE-2005-2234Jul 12, 2005
    risk 0.00cvss epss 0.01

    Buffer overflow in the getlvname command in IBM AIX 5.1, 5.2 and 5.3, might allow local users to execute arbitrary code via long command line arguments.

  • CVE-2005-2233Jul 12, 2005
    risk 0.00cvss epss 0.00

    Buffer overflow in multiple "p" commands in IBM AIX 5.1, 5.2 and 5.3 might allow local users to execute arbitrary code via long command line arguments to (1) penable or other hard-linked files including (2) pdisable, (3) pstart, (4) phold, (5) pdelay, or (6) pshare.

  • CVE-2005-2238Jul 12, 2005
    risk 0.00cvss epss 0.01

    ftpd in IBM AIX 5.1, 5.2 and 5.3 allows remote authenticated users to cause a denial of service (port exhaustion and memory consumption) by using all ephemeral ports.

  • CVE-2005-2235Jul 12, 2005
    risk 0.00cvss epss 0.01

    Buffer overflow in the diagTasksWebSM command in IBM AIX 5.1, 5.2 and 5.3, might allow local users to execute arbitrary code via long command line arguments.

  • CVE-2005-0250May 2, 2005
    risk 0.00cvss epss 0.01

    Format string vulnerability in auditselect on IBM AIX 5.1, 5.2, and 5.3 allows local users to execute arbitrary code via format string specifiers in a command line argument.

  • CVE-2005-1037May 2, 2005
    risk 0.00cvss epss 0.02

    Unknown vulnerability in AIX 5.3.0, when configured as an NIS client, allows remote attackers to gain root privileges.

  • CVE-2005-1176May 2, 2005
    risk 0.00cvss epss 0.00

    Race condition in JFS2 on AIX 5.2 and 5.3, when deleting a file while I/O is still occurring for that file, may write data to a different file, which could leak sensitive information.

  • CVE-2005-0240May 2, 2005
    risk 0.00cvss epss 0.00

    Format string vulnerability in chdev on IBM AIX 5.2 allows local users to execute arbitrary code via format string specifiers in a command line argument, which is not properly handled when printing an error message.

  • CVE-2005-0991May 2, 2005
    risk 0.00cvss epss 0.00

    RC.BOOT in IBM AIX 5.1, 5.2, and 5.3 does not "use a secure location for temporary files," which allows local users to have an unknown impact, probably by overwriting files.

  • CVE-2005-0261Feb 10, 2005
    risk 0.00cvss epss 0.00

    lspath in AIX 5.2, 5.3, and possibly earlier versions, does not drop privileges before processing the -f option, which allows local users to read one line of arbitrary files.

  • CVE-2004-1028Jan 10, 2005
    risk 0.00cvss epss 0.00

    Untrusted execution path vulnerability in chcod on AIX IBM 5.1.0, 5.2.0, and 5.3.0 allows local users to execute arbitrary programs by modifying the PATH environment variable to point to a malicious "grep" program, which is executed from chcod.

  • CVE-2004-2634Dec 31, 2004
    risk 0.00cvss epss 0.00

    The (1) bos.rte.serv_aid or (2) bos.rte.console filesets in IBM AIX 5.1 and 5.2 allow local users to overwrite arbitrary files via a symlink attack on temporary files via unknown attack vectors.

  • CVE-2004-2388Dec 31, 2004
    risk 0.00cvss epss 0.02

    rexecd for AIX 4.3.3 does not properly use a local copy of the pwd structure when calling getpwnam, which may cause the structure to be overwritten by the authenticate function and assign privileges to the wrong user.

  • CVE-2004-0243Nov 23, 2004
    risk 0.00cvss epss 0.02

    AIX 4.3.3 through AIX 5.1, when direct remote login is disabled, displays a different message if the password is correct, which allows remote attackers to guess the password via brute force methods.

  • CVE-2004-0828Nov 3, 2004
    risk 0.00cvss epss 0.00

    The ctstrtcasd program in RSCT 2.3.0.0 and earlier on IBM AIX 5.2 and 5.3 does not properly drop privileges before executing the -f option, which allows local users to modify or create arbitrary files.

Page 15 of 21